A Dynamic Privacy Manager for Compliance in Pervasive Computing

Riccardo Bonazzi (University of Lausanne, Switzerland), Zhan Liu (University of Lausanne, Switzerland), Simon Ganière (Deloitte SA, Switzerland) and Yves Pigneur (University of Lausanne, Switzerland)
DOI: 10.4018/978-1-61350-501-4.ch012

Abstract

In this chapter we propose a decision support system for privacy management of context-aware technologies, which requires the alignment of four dimensions: business, regulation, technology, and user behavior. We have developed a middleware model able to achieve compliance with privacy policies within a dynamic and context-aware risk management situation. We illustrate our model in more detail by means of a small prototype that we developed, and we present the current outcomes of its implementation to derive some pointers for the direction of future investigation.
Chapter Preview

Introduction

Privacy is generally referred to as “a state in which one is not observed or disturbed by others” (Oxford Dictionary, 2010), and privacy management for pervasive technologies can be treated as an information security issue. Security experts have been advocating that information security should result from the alignment of the technical, business, and regulatory dimensions (Anderson, 2001), suggesting an information risk management approach to let the user achieve the best security level according to the environmental threats (Blakley et al. 2001). Therefore, one should look at how to manage the risk that privacy is not assured before looking at how to achieve privacy from a technical point of view.

Contingency theory is a class of behavioral theory that claims that the optimal course of action is contingent upon both the internal and external situations. This theory postulates that the impacts of environmental factors are systemic, rather than entirely situational. That fits the case of mobile payment services, which differ between markets in ways linked to their particular systems: for instance, there are differences in payment technology infrastructure, regulation, laws, or habits. Therefore, contingency theory can be used as a reference framework to assess the literature on mobile payment published in information systems, electronic commerce, and mobile commerce journals and conference proceedings (Dahlberg et al. 2007). It appears that one contingency factor (Changes in Technological Environment) has been intensively studied, two contingency factors (Changes in Commerce Environment and Changes in Legal, Regulatory, and Standardization Environment) have been addressed by no more than twenty articles, whereas one contingency factor (Changes in Social/Cultural Environment) was not treated in any article.

Literature on privacy risk management can be assessed using three contingency factors suggested by Anderson (2001): technology, business, and legal. To address the gap underlined by Dahlberg et al. (2007), we add a fourth dimension: the user’s perception of their environment.
